<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>User authentication in Django &mdash; Django 1.7.8.dev20150401230226 documentation</title>
    
    <link rel="stylesheet" href="../../_static/default.css" type="text/css" />
    <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../../',
        VERSION:     '1.7.8.dev20150401230226',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="../../_static/jquery.js"></script>
    <script type="text/javascript" src="../../_static/underscore.js"></script>
    <script type="text/javascript" src="../../_static/doctools.js"></script>
    <link rel="top" title="Django 1.7.8.dev20150401230226 documentation" href="../../index.html" />
    <link rel="up" title="Using Django" href="../index.html" />
    <link rel="next" title="Using the Django authentication system" href="default.html" />
    <link rel="prev" title="Advanced testing topics" href="../testing/advanced.html" />



 
<script type="text/javascript" src="../../templatebuiltins.js"></script>
<script type="text/javascript">
(function($) {
    if (!django_template_builtins) {
       // templatebuiltins.js missing, do nothing.
       return;
    }
    $(document).ready(function() {
        // Hyperlink Django template tags and filters
        var base = "../../ref/templates/builtins.html";
        if (base == "#") {
            // Special case for builtins.html itself
            base = "";
        }
        // Tags are keywords, class '.k'
        $("div.highlight\\-html\\+django span.k").each(function(i, elem) {
             var tagname = $(elem).text();
             if ($.inArray(tagname, django_template_builtins.ttags) != -1) {
                 var fragment = tagname.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + tagname + "</a>");
             }
        });
        // Filters are functions, class '.nf'
        $("div.highlight\\-html\\+django span.nf").each(function(i, elem) {
             var filtername = $(elem).text();
             if ($.inArray(filtername, django_template_builtins.tfilters) != -1) {
                 var fragment = filtername.replace(/_/, '-');
                 $(elem).html("<a href='" + base + "#" + fragment + "'>" + filtername + "</a>");
             }
        });
    });
})(jQuery);
</script>


  </head>
  <body>

    <div class="document">
  <div id="custom-doc" class="yui-t6">
    <div id="hd">
      <h1><a href="../../index.html">Django 1.7.8.dev20150401230226 documentation</a></h1>
      <div id="global-nav">
        <a title="Home page" href="../../index.html">Home</a>  |
        <a title="Table of contents" href="../../contents.html">Table of contents</a>  |
        <a title="Global index" href="../../genindex.html">Index</a>  |
        <a title="Module index" href="../../py-modindex.html">Modules</a>
      </div>
      <div class="nav">
    &laquo; <a href="../testing/advanced.html" title="Advanced testing topics">previous</a>
     |
    <a href="../index.html" title="Using Django" accesskey="U">up</a>
   |
    <a href="default.html" title="Using the Django authentication system">next</a> &raquo;</div>
    </div>

    <div id="bd">
      <div id="yui-main">
        <div class="yui-b">
          <div class="yui-g" id="topics-auth-index">
            
  <div class="section" id="s-user-authentication-in-django">
<span id="user-authentication-in-django"></span><h1>User authentication in Django<a class="headerlink" href="#user-authentication-in-django" title="Permalink to this headline">¶</a></h1>
<div class="toctree-wrapper compound">
</div>
<span class="target" id="module-django.contrib.auth"></span><p>Django comes with a user authentication system. It handles user accounts,
groups, permissions and cookie-based user sessions. This section of the
documentation explains how the default implementation works out of the box, as
well as how to <a class="reference internal" href="customizing.html"><em>extend and customize</em></a> it to
suit your project&#8217;s needs.</p>
<div class="section" id="s-overview">
<span id="overview"></span><h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline">¶</a></h2>
<p>The Django authentication system handles both authentication and authorization.
Briefly, authentication verifies a user is who they claim to be, and
authorization determines what an authenticated user is allowed to do. Here the
term authentication is used to refer to both tasks.</p>
<p>The auth system consists of:</p>
<ul class="simple">
<li>Users</li>
<li>Permissions: Binary (yes/no) flags designating whether a user may perform
a certain task.</li>
<li>Groups: A generic way of applying labels and permissions to more than one
user.</li>
<li>A configurable password hashing system</li>
<li>Forms and view tools for logging in users, or restricting content</li>
<li>A pluggable backend system</li>
</ul>
<p>The authentication system in Django aims to be very generic and doesn&#8217;t provide
some features commonly found in web authentication systems. Solutions for some
of these common problems have been implemented in third-party packages:</p>
<ul class="simple">
<li>Password strength checking</li>
<li>Throttling of login attempts</li>
<li>Authentication against third-parties (OAuth, for example)</li>
</ul>
</div>
<div class="section" id="s-installation">
<span id="installation"></span><h2>Installation<a class="headerlink" href="#installation" title="Permalink to this headline">¶</a></h2>
<p>Authentication support is bundled as a Django contrib module in
<tt class="docutils literal"><span class="pre">django.contrib.auth</span></tt>. By default, the required configuration is already
included in the <tt class="file docutils literal"><span class="pre">settings.py</span></tt> generated by <a class="reference internal" href="../../ref/django-admin.html#django-admin-startproject"><tt class="xref std std-djadmin docutils literal"><span class="pre">django-admin.py</span>
<span class="pre">startproject</span></tt></a>, these consist of two items listed in your
<a class="reference internal" href="../../ref/settings.html#std:setting-INSTALLED_APPS"><tt class="xref std std-setting docutils literal"><span class="pre">INSTALLED_APPS</span></tt></a> setting:</p>
<ol class="arabic simple">
<li><tt class="docutils literal"><span class="pre">'django.contrib.auth'</span></tt> contains the core of the authentication framework,
and its default models.</li>
<li><tt class="docutils literal"><span class="pre">'django.contrib.contenttypes'</span></tt> is the Django <a class="reference internal" href="../../ref/contrib/contenttypes.html"><em>content type system</em></a>, which allows permissions to be associated with
models you create.</li>
</ol>
<p>and two items in your <a class="reference internal" href="../../ref/settings.html#std:setting-MIDDLEWARE_CLASSES"><tt class="xref std std-setting docutils literal"><span class="pre">MIDDLEWARE_CLASSES</span></tt></a> setting:</p>
<ol class="arabic simple">
<li><a class="reference internal" href="../../ref/middleware.html#django.contrib.sessions.middleware.SessionMiddleware" title="django.contrib.sessions.middleware.SessionMiddleware"><tt class="xref py py-class docutils literal"><span class="pre">SessionMiddleware</span></tt></a> manages
<a class="reference internal" href="../http/sessions.html"><em>sessions</em></a> across requests.</li>
<li><a class="reference internal" href="../../ref/middleware.html#django.contrib.auth.middleware.AuthenticationMiddleware" title="django.contrib.auth.middleware.AuthenticationMiddleware"><tt class="xref py py-class docutils literal"><span class="pre">AuthenticationMiddleware</span></tt></a> associates
users with requests using sessions.</li>
</ol>
<p>With these settings in place, running the command <tt class="docutils literal"><span class="pre">manage.py</span> <span class="pre">migrate</span></tt> creates
the necessary database tables for auth related models and permissions for any
models defined in your installed apps.</p>
</div>
<div class="section" id="s-usage">
<span id="usage"></span><h2>Usage<a class="headerlink" href="#usage" title="Permalink to this headline">¶</a></h2>
<p><a class="reference internal" href="default.html"><em>Using Django&#8217;s default implementation</em></a></p>
<ul class="simple">
<li><a class="reference internal" href="default.html#user-objects"><em>Working with User objects</em></a></li>
<li><a class="reference internal" href="default.html#topic-authorization"><em>Permissions and authorization</em></a></li>
<li><a class="reference internal" href="default.html#auth-web-requests"><em>Authentication in web requests</em></a></li>
<li><a class="reference internal" href="default.html#auth-admin"><em>Managing users in the admin</em></a></li>
</ul>
<p><a class="reference internal" href="../../ref/contrib/auth.html"><em>API reference for the default implementation</em></a></p>
<p><a class="reference internal" href="customizing.html"><em>Customizing Users and authentication</em></a></p>
<p><a class="reference internal" href="passwords.html"><em>Password management in Django</em></a></p>
</div>
</div>


          </div>
        </div>
      </div>
      
        
          <div class="yui-b" id="sidebar">
            
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
  <h3><a href="../../contents.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">User authentication in Django</a><ul>
<li><a class="reference internal" href="#overview">Overview</a></li>
<li><a class="reference internal" href="#installation">Installation</a></li>
<li><a class="reference internal" href="#usage">Usage</a></li>
</ul>
</li>
</ul>

  <h3>Browse</h3>
  <ul>
    
      <li>Prev: <a href="../testing/advanced.html">Advanced testing topics</a></li>
    
    
      <li>Next: <a href="default.html">Using the Django authentication system</a></li>
    
  </ul>
  <h3>You are here:</h3>
  <ul>
      <li>
        <a href="../../index.html">Django 1.7.8.dev20150401230226 documentation</a>
        
          <ul><li><a href="../index.html">Using Django</a>
        
        <ul><li>User authentication in Django</li></ul>
        </li></ul>
      </li>
  </ul>

  <h3>This Page</h3>
  <ul class="this-page-menu">
    <li><a href="../../_sources/topics/auth/index.txt"
           rel="nofollow">Show Source</a></li>
  </ul>
<div id="searchbox" style="display: none">
  <h3>Quick search</h3>
    <form class="search" action="../../search.html" method="get">
      <input type="text" name="q" />
      <input type="submit" value="Go" />
      <input type="hidden" name="check_keywords" value="yes" />
      <input type="hidden" name="area" value="default" />
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
              <h3>Last update:</h3>
              <p class="topless">Apr 02, 2015</p>
          </div>
        
      
    </div>

    <div id="ft">
      <div class="nav">
    &laquo; <a href="../testing/advanced.html" title="Advanced testing topics">previous</a>
     |
    <a href="../index.html" title="Using Django" accesskey="U">up</a>
   |
    <a href="default.html" title="Using the Django authentication system">next</a> &raquo;</div>
    </div>
  </div>

      <div class="clearer"></div>
    </div>
  </body>
</html>